Surely the controller has a legitimate interest to know who has its books and be able to contact them to request them back and/or bill them and follow up with litigation (highly unlikely in reality) if they refuse to pay.
If we are talking about marketing to current customers you could consider legitimate interest as your legal basis under GDPR/DP Bill and 'soft opt-in' as your basis under PECR, this avoids having to have consent. Higher risk? Maybe.
Kind Regards,
Murray Bryant
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Peter Dinsdale
Sent: Wednesday, April 04, 2018 2:43 PM
To: [log in to unmask]
Subject: Re: [data-protection] Revalidating consent
*********************************************************
This email has reached the Bank via the Internet or an external network
*********************************************************
Is there a legitimate interest in the data controller being able to maintain membership records / records of book lending and to issue charges in the event of late returns?
Regards,
Peter Dinsdale
Data Protection Consultant
Perfect Image /
T: 0191 238 0111
www.perfect-image.co.uk
Follow us on Twitter http://twitter.com/perfectimage
-----Original Message-----
From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Ben Heathcote
Sent: 04 April 2018 14:36
To: [log in to unmask]
Subject: Re: [data-protection] Revalidating consent
True. I don't see a legitimate interest to the data controller in this case though. I may be missing something glaringly obvious, in which case please do point it out! It's been one of those weeks already...
Ben Heathcote
Information Security Officer (Compliance) Information Security & Governance Team IT Service Newcastle University
NE1 7RU
Telephone: 0191 208 6950
Email: [log in to unmask]
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Jon Baines
Sent: 31 March 2018 10:54
To: [log in to unmask]
Subject: Re: [data-protection] Revalidating consent
Legitimate interests of the data subject and the data controller (or third party) don’t always have to be in clear opposition. Where there is mutual and understood benefit then it’s a banker.
(This reply is more to Ben).
Jon Baines,
Chair,
nadpo.co.uk
***********************************************************************************
This e-mail (including any attachments) is intended only for the addressee(s) named above. Its contents may be confidential. If you receive this e-mail in error, please immediately contact the sender and delete this e-mail. Unauthorised use, disclosure, storage or copying of this email and any attachments is not permitted and may be unlawful.
The Bank of England is located at Threadneedle Street, London EC2R 8AH. The Prudential Regulation Authority is located at 20 Moorgate, London EC2R 6DA. Please visit www.bankofengland.co.uk.
***********************************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|